[ofa-general] [PATCH] osmtest/osmt_service.c: fix over bound array access

Sasha Khapyorsky sashak at voltaire.com
Mon Aug 4 01:26:20 PDT 2008


id[] buffer is accessed over its bounds.

Signed-off-by: Sasha Khapyorsky <sashak at voltaire.com>
---
 opensm/osmtest/osmt_service.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/opensm/osmtest/osmt_service.c b/opensm/osmtest/osmt_service.c
index ce13500..738a1d8 100644
--- a/opensm/osmtest/osmt_service.c
+++ b/opensm/osmtest/osmt_service.c
@@ -1211,7 +1211,7 @@ ib_api_status_t osmt_run_service_records_flow(IN osmtest_t * const p_osmt)
 	OSM_LOG_ENTER(&p_osmt->log);
 
 	/* Init Service names */
-	for (i = 0; i <= 6; i++) {
+	for (i = 0; i < 7; i++) {
 #ifdef __WIN__
 		uint64_t rand_val = rand() - (uint64_t) i;
 #else
@@ -1223,6 +1223,7 @@ ib_api_status_t osmt_run_service_records_flow(IN osmtest_t * const p_osmt)
 			"osmt.srvc.%" PRIu64 ".%" PRIu64, rand_val, pid);
 		/*printf("-I- Service Name is : %s, ID is : 0x%" PRIx64 "\n",service_name[i],id[i]); */
 	}
+
 	status = osmt_register_service(p_osmt, cl_ntoh64(id[0]),	/*  IN ib_net64_t      service_id, */
 				       IB_DEFAULT_PKEY,	/*  IN ib_net16_t      service_pkey, */
 				       0xFFFFFFFF,	/*  IN ib_net32_t      service_lease, */
@@ -1377,12 +1378,12 @@ ib_api_status_t osmt_run_service_records_flow(IN osmtest_t * const p_osmt)
 		goto Exit;
 	}
 
-	/*  Bad Flow of Get with invalid Service ID: id[7] */
-	status = osmt_get_service_by_id(p_osmt, 0, cl_ntoh64(id[7]), &srv_rec);
+	/*  Bad Flow of Get with invalid Service ID: id[6] */
+	status = osmt_get_service_by_id(p_osmt, 0, cl_ntoh64(id[6]), &srv_rec);
 	if (status != IB_SUCCESS) {
 		OSM_LOG(&p_osmt->log, OSM_LOG_ERROR, "ERR 4A20: "
 			"Found service: id: 0x%016" PRIx64 " "
-			"that is invalid\n", id[7]);
+			"that is invalid\n", id[6]);
 		status = IB_ERROR;
 		goto Exit;
 	}
-- 
1.5.5.1.178.g1f811




More information about the general mailing list